Scopes and permissions

Scopes represent the various permission levels that an app can request from a user, in order to access the user's Microsoft account services data.

Before your app can make requests to the Live SDK APIs to work with services using Microsoft account, you must get permission from the user. In the Live SDK APIs, this permission is called a scope. Each scope grants a different permission level. You'll find more info about each scope in this topic.
For info about requesting a scope and obtaining user consent, see Obtaining user consent.

Read access to a user's albums, photos, videos, and audio, and their associated comments and tags. Also enables read access to any albums, photos, videos, and audio that other users have shared with the user.

Subset and superset behavior

Certain scopes give access to a subset of the data that is addressed by other scopes. For example, wl.birthday gives access to the user's birthday, but wl.contacts_birthday gives access both to the user's birthday and to birthdays of the user's contacts. In requests that specify multiple scopes, if one scope is a superset of another, the subset scope is ignored. Likewise, if an app has been granted access to a subset scope (for example, wl.birthday), and the user later grants access to a superset scope (for example, wl.contacts_birthday), the subset scope is revoked as redundant. The following table shows the scopes that share a subset/superset relationship.
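The rule above can be checked mechanically when reviewing an app's scope request. The following JavaScript is an added example, not part of the original documentation and not Live SDK code. It uses only the four subset/superset pairs that the notes in this topic name, and the function names (`effectiveScopes`, `applyConsent`, `reviewRequest`) are hypothetical.

```javascript
// Subset -> superset pairs, taken only from the notes in this topic.
const SUPERSET_OF = new Map([
  ["wl.birthday", "wl.contacts_birthday"],
  ["wl.calendars", "wl.contacts_calendars"],
  ["wl.photos", "wl.contacts_photos"],
  ["wl.skydrive", "wl.contacts_skydrive"],
]);

// Collapse one request: a subset scope is ignored when its superset
// appears in the same request. Duplicates are dropped, order is kept.
function effectiveScopes(requested) {
  const seen = new Set(requested);
  const effective = [];
  const ignored = [];
  for (const scope of seen) {
    const sup = SUPERSET_OF.get(scope);
    if (sup !== undefined && seen.has(sup)) ignored.push(scope);
    else effective.push(scope);
  }
  return { effective, ignored };
}

// Apply a later consent to an existing grant: a newly granted superset
// revokes the already granted subset as redundant.
function applyConsent(granted, newlyConsented) {
  const { effective, ignored } = effectiveScopes([...granted, ...newlyConsented]);
  return {
    granted: effective,
    revoked: ignored.filter((s) => granted.includes(s)),
  };
}

// Least-privilege review of a request: which effective scopes reach data
// of contacts or data shared by other users, and whether the app asks for
// access while the user is not signed in (wl.offline_access).
function reviewRequest(requested) {
  const { effective, ignored } = effectiveScopes(requested);
  const supersets = new Set(SUPERSET_OF.values());
  return {
    effective,
    ignored,
    reachesOtherUsersData: effective.filter((s) => supersets.has(s)),
    offlineAccess: effective.includes("wl.offline_access"),
  };
}
```
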

Accessing a user's public info

There is an exception to the rule that you must get permission from the user before you can access his or her info: your app can access a user's publicly available info without requesting any scope.
Public info includes the user's ID, first and last names, display name, gender, locale, and picture. For example, the following GET request, without any access token specified, returns the user's public profile info.

Scope details

The following sections provide additional details about the available scopes.

In several of these sections, the Live Connect Representational State Transfer (REST) objects and the corresponding structures that these scopes can access are described in tables. For more info about these REST objects and structures, see REST reference.

wl.basic

The wl.basic scope enables read access to a user's basic profile info and to the user's list of contacts.

The following table lists the structures that can be accessed with user consent to the wl.basic scope.

Note: When a user consents to the wl.contacts_birthday scope, the user also implicitly consents to access to the info that is covered by the wl.birthday scope. However, if the user consents to the wl.birthday scope and then later consents to the wl.contacts_birthday scope, the wl.birthday scope is revoked because it is a subset of wl.contacts_birthday and is therefore redundant.

wl.contacts_create

wl.contacts_calendars

The wl.contacts_calendars scope enables read access to a user's calendars and events, and read access to calendars and events that other users have shared with the user. Permissions to shared calendars and events are restricted by the permissions that have been granted to the consenting user.

Note: When a user consents to the wl.contacts_calendars scope, the user also implicitly consents to access to the info that is covered by the wl.calendars scope. However, if the user consents to the wl.calendars scope and then later consents to the wl.contacts_calendars scope, the wl.calendars scope is revoked because it is a subset of wl.contacts_calendars and is therefore redundant.

wl.contacts_photos

The wl.contacts_photos scope enables read access to a user's albums, photos, videos, and audio and to their associated comments and tags. This scope also enables read access to any albums, photos, videos, and audio that other users have shared with the user.

This scope enables read access to all of the structures of the Album, Audio, Photo, and Video objects for the user's contacts.

Note: When a user consents to the wl.contacts_photos scope, the user also implicitly consents to access to the info that is covered by the wl.photos scope. However, if the user consents to the wl.photos scope and then later consents to the wl.contacts_photos scope, the wl.photos scope is revoked because it is a subset of wl.contacts_photos and is therefore redundant.

wl.contacts_skydrive

The wl.contacts_skydrive scope enables read access to OneDrive files that other users have shared with the user.

Note: When a user consents to the wl.contacts_skydrive scope, the user also implicitly consents to access to the info that is covered by the wl.skydrive scope. However, if the user consents to the wl.skydrive scope and then later consents to the wl.contacts_skydrive scope, the wl.skydrive scope is revoked because it is a subset of wl.contacts_skydrive and is therefore redundant.

wl.offline_access

The wl.offline_access scope enables an app to read and update a user's info at any time. Without this scope, an app can access the user's info only while the user is signed in to Live Connect and is using the app.